#!/bin/ksh
#
# GPGDistrib -- make lsof 4.x GPG distribution files

# Define DEBUG to 1 in the environment to skip to the README file construction.
#
# Usage: GPGDistrib [edition]
#
#	edition		optional edition suffix to add to version number
#set -x	# DEBUG

if test "X$DEBUG" = "X"
then
  DEBUG=0
fi

# Check for GPG pass phrase.

if test $DEBUG -eq 0
then
  if test "X$PGPPASS" = "X"
  then
    echo "No GPG pass phrase is defined in the environment."
    exit 1
  fi
fi

# Change working directory.

HD=$HOME/src/lsof4
echo Changing to $HD
cd $HD

# Get version number.

V=`sed '/VN/s/.ds VN \(.*\)/\1/' version`
if test $? -ne 0
then
  echo $V
  exit 1
fi

# Handle optional edition suffix.

if test $# -gt 0
then
  if test $# -gt 1
  then
    echo "Usage: GPGDistrib [edition]"
    exit 1
  fi
  V=${V}$1
fi

# Define directory and archive file names.

CK=CHECKSUMS_${V}
DN=lsof_${V}
DT=${DN}.tar
M=00MANIFEST
MC=${DN}/manifest_check.${V}
R=README.lsof_${V}
RM=00.README.FIRST_${V}
SF=support/lsof.README
DSF=RELEASE.SUMMARY_${V}
SN=${DN}_src
SD=${DN}/$SN
ST=${SN}.tar
echo "Creating lsof ${V} GPG distribution ..."

# Define source files to copy.

F="00.README.FIRST 00CREDITS 00DCACHE 00DIALECTS 00DIST 00FAQ 00LSOF-L 00MANIFEST 00PORTING 00QUICKSTART 00README 00TEST 00XCONFIG AFSConfig ChangeLog Configure Customize Inventory dialects arg.c lib lsof.h lsof_fields.h main.c misc.c node.c print.c proc.c proto.h regex.h scripts store.c tests usage.c util.c version"
MS=Lsof.8
MD=${DN}/${SN}/lsof.8
MF=${DN}/${SN}/lsof.man

# Set exit cleanup trap.

trap 'rm -rf support/$CK $DN; exit' 1 2 3 15

# Create source directory.

if test $DEBUG -eq 0
then
  echo Creating $DN and ${DN}/${SN}
  rm -rf $DN
  mkdir $DN
  (cd $DN; mkdir $SN)
  echo "Copying to ${SD}:\c"
  for i in $F
  do
    echo " $i\c"
    cp -rp $i $SD
  done
  echo " ... done"
  echo "Removing extraneous stuff from lib ...\c"
  find $SD/lib -name OLD -exec rm -rf {} \; > /dev/null 2>&1
  find $SD/lib -name RCS -exec rm -rf {} \; > /dev/null 2>&1
  find $SD/lib -name NEW -exec rm -rf {} \; > /dev/null 2>&1
  rm -rf $SD/lib/Makefile
  rm -rf $SD/lib/*.[oa]
  echo " done"
  echo "Removing extraneous stuff from dialects ...\c"
  find $SD/dialects -name OLD -exec rm -rf {} \; > /dev/null 2>&1
  find $SD/dialects -name RCS -exec rm -rf {} \; > /dev/null 2>&1
  find $SD/dialects -name NEW -exec rm -rf {} \; > /dev/null 2>&1
  find $SD/dialects -name Makefile.local -exec rm -f {} \; > /dev/null 2>&1
  find $SD/dialects -name distfile.kvm -exec rm -f {} \; > /dev/null 2>&1
  find $SD/dialects -name support -exec rm -rf {} \; > /dev/null 2>&1
  echo " done"
  echo "Removing extraneous stuff from scripts ...\c"
  find $SD/scripts -name OLD -exec rm -rf {} \; > /dev/null 2>&1
  find $SD/scripts -name RCS -exec rm -rf {} \; > /dev/null 2>&1
  find $SD/scripts -name NEW -exec rm -rf {} \; > /dev/null 2>&1
  echo " done"
  echo "Removing extraneous stuff from tests ...\c"
  find $SD/tests -name OLD -exec rm -rf {} \; > /dev/null 2>&1
  find $SD/tests -name RCS -exec rm -rf {} \; > /dev/null 2>&1
  find $SD/tests -name NEW -exec rm -rf {} \; > /dev/null 2>&1
  rm -rf $SD/tests/config.* $SD/tests/*.o
  rm -rf $SD/tests/LTbasic $SD/tests/LTbigf $SD/tests/LTdnlc
  rm -rf $SD/tests/LTlock $SD/tests/LTnfs $SD/tests/LTnlink
  rm -rf $SD/tests/LTsock $SD/tests/LTszoff $SD/tests/LTunix
  echo " done"
fi

# Create manual page files.

if test $DEBUG -eq 0
then
  echo Producing $MD
  soelim < $MS > $MD
  echo Producing $MF
  nroff -man $MD | colcrt - | cat -s > $MF
fi

# Check distribution directory for completeness.

if test $DEBUG -eq 0
then
  echo "Checking $SD for completeness"
  rm -f $MC
  (cd $SD; ls -FR) > $MC
  diff $M $MC > /dev/null
  if test $? -ne 0
  then
    (echo Some files may be missing.; echo diff $M $MC; diff $M $MC) | less
    exit 1
  fi
fi

# Create source distribution tar file.

if test $DEBUG -eq 0
then
  echo Creating $ST in $DN
  (cd $DN; tar cf $ST $SN; ls -l $ST)
  echo Removing $SD
  rm -rf $SD
fi

# Create source distribution README.lsof_<version> file.

if test $DEBUG -eq 0
then
  echo Creating $R for $DT
  rm -f ${DN}/$R
  EO=${DN}/$R
else
  echo "==== The $R file ====="
  EO=""
fi
cat > $EO << END_README_1

                Information About This Lsof Distribution


What You Have
=============

If you got this far without being confused, then you are probably
familiar with the construction of the lsof distribution or you have
read RELEASE.SUMMARY_${V}.  If either is the case, please skip to
the Inventory section.  If you haven't read RELEASE.SUMMARY_${V},
I suggest you do it now, because it explains how the lsof distribution
is constructed and other useful things about lsof, including a
summary of changes for the past few lsof revisions.

Even though you may have thought you were getting lsof.tar.bz2,
lsof.tar.gz or lsof.tar.Z with ftp, you really got ${DT}.bz2,
${DT}.gz or ${DT}.Z.  That's because the triplet of
lsof.tar.* files are symbolic links to their longer-named counterparts.

The bzip2'd, gzip'd or compressed tar files with lsof_, followed by a
number, are wrapper archives, designed to package the lsof source
archive, this file, other documentation files, and a GPG authentication
certificate together.

The number, ${V}, is the lsof revision number.  When you bunzip2'd,
gunzip'd or uncompressed ${DT}.* and used tar to unpack
${DT}, you got: ${RM}, describing the contents
of ${DN}; ${R}; ${ST}; and
${ST}.sig.  All are identified with the revision number.
You're reading ${R}.  ${ST}.sig is a GPG
certificate that authenticates the lsof source archive,
${ST}.

After you read the Inventory and Security sections, and hopefully
after you check the GPG certificate, unpack the ${ST}
source archive and you will get a sub-directory, named ${SN},
that contains the lsof ${V} source distribution.


Inventory
=========

Once you have unpacked ${ST}.tar, you can check
${SN} for completeness by changing to that sub-directory
and running the Inventory script.  The ${SN}/Configure
script runs the Inventory script, too.  The Configure script also
calls a customization script, called Customize.  You can direct
Configure to avoid calling Inventory and Customize with the -n
option.

See the Distribution Contents section of the 00DIST file and The
Inventory Script section of the 00README file for more information
on the contents of the lsof distribution, and the Configure,
Customize and Inventory scripts.  The 00DIST and 00README files
will be found in the ${SN} sub-directory you just created.


Security
========

The md5 checksum for $ST is:

END_README_1
echo "  \c" >> $EO
if test $DEBUG -eq 1
then
  echo "MD5 checksum of $ST would go here." >> $EO
else
  (cd $DN; md5 $ST) >> $EO
fi
cat >> $EO << END_README_2

A good source for an MD5 checksum computation tool is the OpenSSL
project whose work may be found at:

  www.openssl.org

You can use the openssl "dgst" operator to compute an MD5 checksum --
e.g.,

  $ openssl dgst -md5 $SN

The old-style sum(1) checksum for $ST (Please read
the next paragraph if you don't get this value.) is:

END_README_2
echo "  \c" >> $EO
if test $DEBUG -eq 1
then
  echo "Sum checksum of $ST would go here." >> $EO
else
  sum -r ${DN}/$ST >> $EO
fi
cat >> $EO << END_README_3

If your dialect's sum(1) program defaults to the new style algorithm
(e.g., Solaris), you may have to use its -r option (or use the
Solaris /usr/ucb/sum).  If your Unix dialect doesn't have a sum(1)
program (e.g., FreeBSD, or NetBSD), use its cksum(1) program with
the -o1 option to get an old-style checksum.  You may also need to
ignore the block count, depending on the block size used on your
your system (i.e., 512 or 1,024).  The sum(1) that produced the
above checksum considers block size to be 512; in contrast the BSD
cksum(1) programs' -o1 option considers block size to be 1,024.

${ST}.sig is a GPG certificate file, using my public
key.  My key may be available on some public key servers under the
names:

    Victor A. Abell <abe@cc.purdue.edu>
 or
    Victor A. Abell <abe@purdue.edu>

You will also find it at:

  ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/Victor_A_Abell.gpg

Get my key and install it in your public key ring.

Once my key is installed, use this command to check the certificate
of $ST:

    gpg --verify ${ST}.sig $ST

If the certificate check isn't good, $ST is suspect.
Report the problem to me via e-mail at <abe@purdue.edu>.

If you don't have GPG, you can compare the md5 checksum of
$ST to the value listed in this file.  However, that
is a less reliable authentication method, since it can't detect
changes to both $ST and the md5 checksum value listed
in this tile.

Other Security
==============

Signature information for the distribution file that contains
this file may be found in the CHECKSUMS file that is located
where the distribution file was found.


Victor A. Abell <abe@purdue.edu>
END_README_3

date >> $EO

# Create GPG certificate.

if test $DEBUG -eq 0
then
  echo Creating ${ST}.sig in $DN
  (cd $DN; rm -f ${ST}.sig; \
   echo $PGPPASS | gpg -o ${ST}.sig --passphrase-fd 0 -b $ST; \
   chmod 644 ${ST}.sig)
fi

# Construct distribution's 00.README_FIRST_<version> file.

if test $DEBUG -eq 0
then
  echo Creating $RM for $DT
  rm -f ${DN}/$RM
  EO=${DN}/$RM
else
  echo ""
  echo "==== The $RM file ====="
  echo ""
  EO=""
fi
echo "A tour of the lsof_${V} distribution:" > $EO
echo "" >> $EO
echo "  $RM is this file." >> $EO
echo "" >> $EO
echo "  $R contains distribution and security information." >> $EO
echo "" >> $EO
echo "  ${DSF} contains a summary of the lsof ${V}" >> $EO
echo "  distribution." >> $EO
echo "" >> $EO
echo "  $ST is the lsof ${V} source tar archive." >> $EO
echo "" >> $EO
echo "  ${ST}.sig is a detached GPG certificate for" >> $EO
echo "  ${ST}." >> $EO
echo "" >> $EO
echo "I suggest you follow these steps:" >> $EO
echo "" >> $EO
echo "1.  Read ${RM}." >> $EO
echo "" >> $EO
echo "2.  Read ${R} and follow its instructions to verify" >> $EO
echo "    the authenticity of ${ST}." >> $EO
echo "" >> $EO
echo "3.  Unpack ${ST} -- use \`tar xf ${ST}\`." >> $EO
echo "    That will produce an ${SN} sub-directory." >> $EO
echo "" >> $EO
echo "4.  Change to the ${SN} sub-directory and read its" >> $EO
echo "    00.README.FIRST file." >> $EO
echo "" >> $EO
echo "Vic Abell <abe@purdue.edu>" >> $EO
echo `date` >> $EO

# Create distribution summary file.

if test $DEBUG -eq 0
then
  echo Creating ${DN}/$DSF
  rm -f ${DN}/$DSF
  cp $SF ${DN}/$DSF
else
  echo Distribution summary file would be ${DN}/$DSF, copied from $SF.
fi

# Create distribution tar file, then bzip2, compress and gzip it.

if test $DEBUG -eq 0
then
  rm -f $MC
  echo Creating $DT
  rm -f $DT ${DT}.bz2 ${DT}.gz ${DT}.Z
  tar cf $DT $DN
  ls -l $DT
  echo Bzip2ing $DT
  bzip2 -c $DT > support/${DT}.bz2
  ls -l support/${DT}.bz2
  echo Gzipping $DT
  gzip -c $DT > support/${DT}.gz
  ls -l support/${DT}.gz
  echo Compressing $DT
  compress < $DT > support/${DT}.Z
  ls -l support/${DT}.Z
  echo Removing $DN and $DT
  rm -rf $DN $DT

  # Create checksum files.

  for i in bz2 gz Z
  do
    echo Creating ${DT}.${i}.sig
    SIG=support/${DT}.${i}.sig
    SRC=support/${DT}.${i}
    rm -f $SIG
    echo $PGPPASS | gpg -o $SIG --passphrase-fd 0 -b $SRC
  done
  echo Creating $CK
  rm -f support/$CK
  cat >> support/$CK << END_CKSUM_1

                        Checksums for lsof_${V}

This file was created when the official lsof ${V} distribution files
were created.  It contains MD5 checksums and GPG certificate
information for the lsof ${V} bzip2, gzip and compressed distribution
files.

There are additional opportunities to validate the lsof distribution
with infomation found inside it.  Consult the file ${R}
inside the distribution.

MD5 Checksums
=============

The MD5 checksums are:

END_CKSUM_1

  for i in bz2 gz Z
  do
    echo "  \c" >> support/$CK
    (cd support; md5 ${DT}.$i >> $CK)
  done

cat >> support/$CK << END_CKSUM_2

GPG Certificates
================

The following files, found with the lsof distribution files, contain
GPG certificates:

  lsof.tar.bz2.sig or ${DT}.bz2.sig
  lsof.tar.gz.sig  or ${DT}.gz.sig
  lsof.tar.Z.sig   or ${DT}.Z.sig

Validating a GPG certificate is the best way to make sure no one has
tampered with a distribution file.

Use the GPG certificate files with the GPG public key for:

  Victor A. Abell <abe@purdue.edu>

You may be able to find the key on some public key servers.  It is also
available at:

  ftp://lsof.itap.purdue.edu/pub/tools/unix/lsof/Victor_A_Abell.gpg

Get the key and install it in your public key ring.  Once the key is
installed, use one of these command forms to check the certificate of a
distribution file:

  gpg --verify ${DT}.<type>.sig ${DT}.<type>

or

  gpg --verify lsof.tar.<type>.sig lsof.tar.<type>

Where <type> is bz2, gz or Z.

Problems
========

If an MD5 or GPG check reveals a problem, please report it via e-mail
to <abe@purdue.edu>.


Vic Abell
END_CKSUM_2
date >> support/$CK
(cd support; ls -l $CK)
fi
echo "all done"
